Incident

A confirmed security event that violates policy or threatens confidentiality, integrity, or availability.

An event is simply something that happened (a login, a file change); an incident is a confirmed event that violates policy or threatens confidentiality, integrity, or availability. Declaring an incident triggers the formal response process — investigation, communication, containment, and a post-incident review — and often legal or regulatory notification clocks. Accurate classification matters: over-declaring burns out the team, under-declaring lets real attacks run.
